Lucene search
K

121639 matches found

CNNVD
CNNVD
added 2026/04/24 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the smbdirectsendbatch process. In this process, requests may not be signaled with IBSENDSIGNALED...

9.8CVSS5.8AI score0.00442EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.10 views

PT-2026-37169

Name of the Vulnerable Software and Affected Versions Lemmy versions prior to 0.19.18 Description An authenticated low-privileged user can trigger server-side HTTP requests toward internal services. This occurs when a user creates a link post in a public community via the "POST /api/v3/post"...

6.3CVSS5.8AI score0.00184EPSS
Exploits0References10
CISA KEV Catalog
CISA KEV Catalog
added 2026/04/24 12:0 a.m.3 views

D-Link DIR-823X Command Injection Vulnerability

D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/setprohibiting via the corresponding function. The impacted product could be end-of-life EoL and/or end-of-service EoS...

7.2CVSS8.9AI score0.87239EPSS
In wildExploits1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.9 views

PT-2026-35057

Name of the Vulnerable Software and Affected Versions Skim affected versions not specified Description The generate-files job in the '.github/workflows/pr.yml' file checks out code from an attacker-controlled fork and executes it via the cargo run command. This process allows access to the SKIM R...

7.4CVSS5.3AI score0.00281EPSS
Exploits1References11
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.8 views

skim 代码注入漏洞

Skim is a fuzzy search and rapid file location tool developed by skim-rs. Skim has a code injection vulnerability, which stems from the generate-files task in pr.yml checking and executing forked code controlled by the attacker, potentially leading to key leakage. The following versions are...

7.4CVSS5.9AI score0.00281EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/04/24 12:0 a.m.3 views

SUSE SLES15 Security Update : haproxy (SUSE-SU-2026:1568-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:1568-1 advisory. This update for haproxy fixes the following issue: - CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization bsc1262103. Tenable has...

5.8CVSS5.6AI score0.00297EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/24 12:0 a.m.4 views

EUVD-2025-209575

A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low-privileged "student" user can access unauthorized course-level information by modifying intercepted API requests. Changing a captured POST request to a GET request against the /rest/v1/course PostgREST...

6.5CVSS5.2AI score0.00212EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.8 views

PT-2026-34853

CVE-2026-1949 Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service. https://t.co/NRUjOzyfyB...

9.8CVSS5.4AI score0.00611EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.8 views

ClassroomIO.com 访问控制错误漏洞

ClassroomIO.com is an educational platform developed by ClassroomIO as open source. Version 0.1.13 of ClassroomIO.com contains a vulnerability related to access control. This vulnerability arises from ineffective access control, allowing low-privilege student users who are authenticated to access...

6.5CVSS5.8AI score0.00212EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/24 12:0 a.m.5 views

openSUSE 16 Security Update : tomcat10 (openSUSE-SU-2026:20612-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20612-1 advisory. - Update to Tomcat 10.1.54 - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open...

9.1CVSS5.6AI score0.15831EPSS
Exploits6References31
Tenable Nessus
Tenable Nessus
added 2026/04/24 12:0 a.m.11 views

openSUSE 16 Security Update : tomcat (openSUSE-SU-2026:20611-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20611-1 advisory. - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. -...

9.1CVSS5.6AI score0.15831EPSS
Exploits6References31
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.7 views

SenseLive X3050 跨站请求伪造漏洞

The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has a cross-site request forgeing vulnerability. This vulnerability arises from the lack of protection against cross-site request forgeing in the w...

8.4CVSS5.7AI score0.00162EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.11 views

Press 跨站请求伪造漏洞

Press is a custom application developed by Frappe that runs Frappe Cloud. Press has a cross-site request forgeing vulnerability. This vulnerability stems from the press.api.account.createapisecret endpoint, which is vulnerable to CSRF attacks. This endpoint can be accessed via a GET request and...

8.7CVSS5.7AI score0.00165EPSS
Exploits0References1
NVD
NVD
added 2026/04/23 10:16 p.m.8 views

CVE-2026-41361

OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections...

7.1CVSS0.00202EPSS
Exploits0References2
NVD
NVD
added 2026/04/23 10:16 p.m.8 views

CVE-2026-32210

Server-side request forgery ssrf in Microsoft Dynamics 365 Online allows an unauthorized attacker to perform spoofing over a network...

9.3CVSS0.00584EPSS
Exploits0References1
NVD
NVD
added 2026/04/23 10:16 p.m.5 views

CVE-2026-2708

A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soupmessageheadersappendcommon function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker...

5.3CVSS0.00321EPSS
Exploits1References4
OSV
OSV
added 2026/04/23 10:16 p.m.1 views

UBUNTU-CVE-2026-2708

A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soupmessageheadersappendcommon function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker...

5.3CVSS5.8AI score0.00321EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/23 9:58 p.m.4 views

CVE-2026-41361 OpenClaw < 2026.3.28 - SSRF Guard Bypass via IPv6 Special-Use Ranges

OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections...

7.1CVSS5.2AI score0.00202EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/23 9:58 p.m.31 views

CVE-2026-41347 OpenClaw < 2026.3.31 - Cross-Site Request Forgery via Missing Browser-Origin Validation in HTTP Operator Endpoints

OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when operating in trusted-proxy mode, allowing cross-site request forgery attacks. Attackers can exploit this by sending malicious requests from a browser in trusted-proxy deployments to perform unauthorized...

7.1CVSS0.00112EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/23 9:58 p.m.4 views

CVE-2026-41346 OpenClaw 2026.2.26 < 2026.3.31 - Denial of Service via Improper Pending Pairing Request Cap Enforcement

OpenClaw 2026.2.26 before 2026.3.31 enforces pending pairing-request caps per channel file instead of per account, allowing attackers to exhaust the shared pending window. Remote attackers can submit pairing requests from other accounts to block new pairing challenges on unaffected accounts,...

6.3CVSS5.3AI score0.00417EPSS
Exploits0References3
Rows per page
Query Builder